Blog Posts Tagged with "Security Strategy"

We have all heard that a defense in depth is required for an effective security program. But in many ways defense in depth has become a security blanket for companies, rather than a strategy. The number of different technologies may give a nice sense of security, but provides negligible added value...

Almost every single product's marketing page has "Ease of Use" as one of the checkbox features, but it's rare that this actually manifests itself in the real products. The end result of difficult-to-use security products is clear - security breaches are rampant. You don't have to take my word for it...

Patching is just one small part of the solution that includes anti-virus, firewalls, intrusion detection systems, strong authentication, encryption, physical locks, disabling of scripting languages, and reduced personal information on social networks, as part of a healthy lifestyle solution...

A smart CIO knows when to stay out of tactical initiatives within the company, lets his team get on with it, and keeps the focus on the big picture, says Anjan Bose, CIO Haldia Petrochemicals Ltd. Bose equips himself to see IT as a component of business, and never business as a means to deploy IT...

Information security is not unlike most professional industries. Whenever anything goes wrong, it’s never really our fault. With a large number of people to point the finger at, it’s almost too easy to shift the blame. So, this year, I’d like to set off on a more positive and accountable route...

Right results are not the measurement of success. How you arrive at the results is more important. It is not all about results. Of course results are important, done the right way. Lots of us in the community have been saying that the industry is broke and that we’re looking for ways to fix it...

Seemingly innocuous and common digital copiers once again flag just how many locations in a typical business potentially sensitive data can be found in, and how that can result in a data breach or inadvertent release or disclosure of protected or confidential information...

CIOs need to stop talking jargon to their business colleagues, says Harvey Koeppel, Executive Director, Center for CIO Leadership. Have conversations around the business benefits behind that jargon and you will immediately get active support right up to the CEO...

Information is the lifeblood of not just corporations but organized crime and terrorism, says Steve Durbin of the Information Security Forum. Durbin says we may have to give up some individual privacy in return for security...

Without a deeply embedded structured approach to security systems design, Anderson argued that we find ourselves in the situation we are in today, with applications and operating systems full of bugs, vulnerabilities and other serious security flaws...

Sarbanes-Oxley, an almost bottomless pit of money poured into achieving compliance. And then we wonder why people view security in a negative light. It’s because all they ever hear is do this or you’ll get fined, do that or you’ll be sent to jail, threats threats threats. It’s all about negative threats...

For many of the issues we worry about, the chances of them happening might be 1 in 100,000 or 1 in 10 million. Your chances of something bad happening may equate to the same statistics as winning the lottery, which is very slim, but you still might play the number...

You cannot outsource blame. You HAVE to take responsibility for your organization's mistakes. Whether they be IT, vendor, even mistakes made by your most trusted employees. You don’t have to be an expert in security, you just have to make informed decisions to control your organization...

Technology must play a vital role in protecting confidential data and intellectual property, but the most important way to achieve a high degree of success in securing an organization's information assets is through training and awareness programs...

We just finished grading the results of the Project Honeynet "Log Mysteries" Challenge, and there are some useful lessons for BOTH future challenge respondents and for log analysts and incident investigators everywhere. If you look at the challenge at a high level, things seem straightforward...

Your management has given you the task to implement business continuity, but you're not really sure how to do it. Although it is not an easy task, you can use the BS 25999-2 methodology to make your life easier - here are the main steps necessary to implement this standard...